Proof-of-concept two-stage dropper generator that uses bits from external sources
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
LICENSE
README.md
bsidesdfw_wiki_example.py
mkmalwarefrom.py

README.md

mkmalwarefrom

mkmalwarefrom is a proof-of-concept two-stage dropper generator. It was released as part of the Malwares From Thin Bits talk given at BSidesDFW 2017 conference by Itzik Kotler from SafeBreach Labs.

Slides are availble here

Version

0.1.0

Installation

mkmalwarefrom requires Python and was tested with Python 2.7.13.

$ git clone https://github.com/SafeBreach-Labs/mkmalwarefrom.git
$ cd mkmalwarefrom
$ python mkmalwarefrom.py -h

Example: Generating /bin/ls from Yahoo

# assume mkmalwarefrom root directory
$ cat /bin/ls | ./mkmalwarefrom.py -1 http://www.yahoo.com > download_ls.py
$ python download_ls.py > ls2 
$ md5 /bin/ls ls2

Example: Generating /usr/bin/nc from /usr/bin/ssh

# assume mkmalwarefrom root directory
$ cat /usr/bin/nc | ./mkmalwarefrom.py -2 /usr/bin/ssh > mk_nc.py
$ python mk_nc.py > nc2
$ md5 /usr/bin/nc nc2

License

BSD 3-Clause